The present invention relates generally to the field of access control, and particularly to a system and method for verifying the identity of a platform or other device prior to granting access to a private communication channel, to data or to programs.
The Internet has become a convenient way for a broad class of computer users to access, distribute and exchange information, as is evident from the large number of individuals, companies and other organizations that have established web sites on the World Wide Web. The Internet permits users to easily access publicly available information, to communicate over private channels, and to access restricted information, such as medical records and bank accounts.
Although the user's identity is of little importance when granting access to a publicly available web site, strong user authentication is needed to limit access to private teleconferences and restricted information. As users begin to adopt the Internet as a communication channel, the need to identify those calling in from the other end of the line, i.e., the need for a "caller ID" feature like the one telephone companies provide, is becoming more important. Such a "caller ID" feature may apply to on-line banking, remote user dial-in to access confidential information, and communications (e.g., to control access to chat rooms or private teleconferences, or to facilitate on-line game usage). In addition, such a "caller ID" feature may enable parental control to prevent children from accessing various web sites.
Although at first glance current authentication methods, such as user identification/password combinations, tokens, and digital signatures, may seem capable of providing such a "caller ID" function, there are drawbacks to using such methods. Although the combination of a user name (or other user identification) with a user password is easy to implement, such a combination is not very reliable. Passwords may be guessed or recovered with relatively unsophisticated cracking tools. They may also be shared. Content providers are especially vulnerable to password sharing, which can result in unintentionally supplying content to non-subscribers who obtained access to a subscriber's password. Storing a user identification and password combination in a "cookie", which a web server can read prior to permitting browser access, does not solve this inherent problem, as cookies can be shared, too.
Tokens provide stronger authentication, but are expensive to deploy and maintain. A digital signature may not reliably identify a user if the user either accidentally or intentionally gives imposters access to the user's private key. Moreover, broad deployment of this authentication method requires a public key infrastructure that does not yet exist.
Given the drawbacks inherent in currently available authentication methods, there is a need for an inexpensive, scalable, tamper resistant, and user friendly way to verify a user's identity. As the user generally relies on a computer or other device to obtain access to data and programming instructions, one way to help identify the user, e.g., to ensure access is restricted to authorized users only, is to identify the platform or other device the user employs when trying to obtain access. As described below, the present invention proposes a system and method for identifying such a platform or device prior to granting access to an object.
The present invention relates to a system and method for controlling access to an object. The system stores an object and a processor identifier. The system includes a verification agent that can access information embedded in a processor and then calculate from that embedded information a value that may be compared with the stored processor identifier. A comparison agent is used to compare that value with the processor identifier to determine whether the processor corresponds to the processor identifier. If the value that the verification agent returns matches the processor identifier, then the user is granted access to the object.
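The following is an added illustrative model of the components just described (the stored object and processor identifier, the verification agent, and the comparison agent); it is not code from the patent. The "embedded information" is a constructed byte string standing in for whatever a real processor exposes, and the derivation (a SHA-256 hash over that information) is an assumption, since the text only says that a value is calculated from it.

```python
"""Model of the access-control flow: enroll a processor identifier, then
grant the object only when a value derived from the requesting processor's
embedded information matches it. Added example; not the patent's own code."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def derive_processor_value(embedded_info: bytes) -> str:
    """Verification agent: map the processor's embedded information to a
    comparable value. A one-way hash is assumed here (the patent does not
    specify the calculation) so that the stored identifier does not reveal
    the raw embedded information."""
    return hashlib.sha256(embedded_info).hexdigest()


@dataclass(frozen=True)
class AccessControlledStore:
    """What the system stores: the protected object and the processor
    identifier recorded when the permitted platform was enrolled."""
    protected_object: bytes
    processor_identifier: str


def enroll(protected_object: bytes, embedded_info: bytes) -> AccessControlledStore:
    """Record the identifier of the platform permitted to access the object."""
    return AccessControlledStore(protected_object, derive_processor_value(embedded_info))


def comparison_agent(value: str, processor_identifier: str) -> bool:
    """Compare the verification agent's value with the stored identifier.
    compare_digest is used so that the time taken does not reveal how many
    leading characters matched."""
    return hmac.compare_digest(value.encode(), processor_identifier.encode())


def request_access(store: AccessControlledStore, embedded_info: bytes) -> Optional[bytes]:
    """Return the object only if the requesting processor corresponds to the
    stored identifier; otherwise return None (access denied)."""
    value = derive_processor_value(embedded_info)
    if comparison_agent(value, store.processor_identifier):
        return store.protected_object
    return None


# Constructed sample data (hypothetical; not taken from the patent).
ENROLLED_PROCESSOR_INFO = b"vendor=ExampleCorp;family=6;model=7;serial=0123-4567-89AB"
OTHER_PROCESSOR_INFO = b"vendor=ExampleCorp;family=6;model=7;serial=FFFF-FFFF-FFFF"
SECRET_OBJECT = b"private teleconference join token"


def demo() -> tuple:
    """Returns (enrolled platform granted, other platform denied)."""
    store = enroll(SECRET_OBJECT, ENROLLED_PROCESSOR_INFO)
    granted = request_access(store, ENROLLED_PROCESSOR_INFO) == SECRET_OBJECT
    denied = request_access(store, OTHER_PROCESSOR_INFO) is None
    return granted, denied


if __name__ == "__main__":
    print(demo())  # (True, True)
```

Two points a practitioner would keep in mind when reading this flow: the check identifies the platform the user employs, not the user, which is exactly the scope the text above sets out; and the comparison is only as trustworthy as the path by which the verification agent reads the embedded information, since a value that software can read can, in principle, also be supplied by software.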
There are many applications for a processor identifier, or other platform identifier, as will be described in more detail below. Some examples include: Internet based communication; Internet based activities restricted to only certain users; web surfing pattern tracking, which may enable content providers and on-line retailers to tailor their products to meet customer preferences; on-line voting, surveys or similar user preference activity; and verification of the identity of a user seeking access over a virtual private network.